Description of the vulnerability

Several vulnerabilities were announced in OpenSSL.

An attacker can act as a Man-in-the-Middle and use the AES CBC algorithm with a server supporting AES-NI, in order to read or write data in the session. This vulnerability was initially fixed in versions 1.0.1o and 1.0.2c, but it was not disclosed at that time. [severity:3/4; CVE-2016-2108]

An attacker can act as a Man-in-the-Middle and use the AES CBC algorithm with a server supporting AES-NI, in order to read or write data in the session. [severity:3/4; CVE-2016-2107]

An attacker can generate a buffer overflow in EVP_EncodeUpdate(), which is mainly used by command line applications, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-2105]

An attacker can generate a buffer overflow in EVP_EncryptUpdate(), which is difficult to reach, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-2106]

An attacker can trigger an excessive memory usage in d2i_CMS_bio(), in order to trigger a denial of service. [severity:2/4; CVE-2016-2109]

An attacker can force a read at an invalid address in applications using X509_NAME_oneline(), in order to trigger a denial of service, or to obtain sensitive information. [severity:2/4; CVE-2016-2176]Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

Since version 1.0.2, the OpenSSL library can generate DH unsafe parameters of style X9.42 (subgroup size "q"), to support the RFC 5114.

In this case, an attacker can find the private DH exponent of the peer, if the DH key is reused. The DH key is reused in the following cases:
- SSL_CTX_set_tmp_dh() or SSL_set_tmp_dh() is used without the option SSL_OP_SINGLE_DH_USE set, which is rare.
- SSL_CTX_set_tmp_dh_callback() or SSL_set_tmp_dh_callback() is used in an undocumented mode.
- Static DH ciphersuites are used.

In some special configurations, an attacker can therefore find the private DH exponent of the OpenSSL peer, in order to decrypt other sessions.Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The OpenSSH product implements a SSH client and server.

The SSH client contains an undocumented experimental feature named Roaming, which is implemented in the roaming_client.c file. This feature is enabled by default, and it is used to restart an old session. It is impacted by two vulnerabilities.

The Roaming feature can be used by a SSH server to read the SSH client memory, to obtain its keys. [severity:3/4; CVE-2016-0777]

The Roaming feature can be used by a SSH server to trigger an overflow and a descriptor leak in the SSH client, in order to generate a denial of service. [severity:2/4; CVE-2016-0778]

An attacker, who owns a malicious SSH server, can therefore invite a client to connect with OpenSSH, and then call the Roaming feature, in order to obtain sensitive information about keys used by the SSH client.Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can use a message without MAC (Message Authentication Code), in order to bypass the authentication using a symmetric key. [severity:2/4; 2779, CVE-2015-1798]

An attacker can spoof a packet between two servers paired with a symmetric association, in order to trigger a denial of service. [severity:2/4; 2781, CVE-2015-1799]Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

During the initialization of a TLS session, the client and the server negotiate cryptographic algorithms. The RC4 algorithm can be chosen to encrypt data.

For some weak keys (one over 2^24), the Invariance Weakness can be used to predict the two LSB (Least Significant Bit) of the 100 first bytes encrypted with RC4. The first TLS message is "Finished" (36 bytes), thus an attacker can predict LSBs of 64 bytes.

Description of the vulnerability

The TLS protocol uses a series of messages which have to be exchanged between the client and the server, before establishing a secured session.

Several cryptographic algorithms can be negotiated, such as algorithms allowed for USA export (less than 512 bits).

An attacker, located as a Man-in-the-Middle, can inject during the session initialization a message choosing an export algorithm. This message should generate an error, however some TLS clients accept it.

Note: the variant related to Windows is described in VIGILANCE-VUL-16332.

An attacker, located as a Man-in-the-Middle, can therefore force the Chrome, JSSE, LibReSSL, Mono or OpenSSL client to accept a weak export algorithm, in order to more easily capture or alter exchanged data.Full Vigil@nce bulletin... (Free trial)

Our database contains other pages. You can request a free trial to read them.